private SecurableItem GetSecurableItemById(SecurableItem parentSecurableItem, Guid itemId) { if (parentSecurableItem.Id == itemId) { return(parentSecurableItem); } var childSecurableItems = parentSecurableItem.SecurableItems; if (childSecurableItems == null || childSecurableItems.Count == 0) { throw new NotFoundException <SecurableItem>(itemId.ToString()); } var securableItem = childSecurableItems.FirstOrDefault(item => item.Id == itemId); if (securableItem != null) { return(securableItem); } foreach (var childSecurableItem in childSecurableItems) { if (TryGetSecurableItemById(childSecurableItem, itemId, out SecurableItem item)) { return(item); } } throw new NotFoundException <SecurableItem>(itemId.ToString()); }
private void CheckUniqueness(SecurableItem parentSecurableItem, SecurableItem item) { if (parentSecurableItem.Name == item.Name || parentSecurableItem.SecurableItems.Any(s => s.Name == item.Name)) { throw new AlreadyExistsException <SecurableItem>( $"The SecurableItem {item.Name} already exists within or has the same name as the parent item: {parentSecurableItem.Name}"); } }
private void InitializeSecurableItems(SecurableItem topLevelSecurableItem) { foreach (var securableItem in topLevelSecurableItem.SecurableItems) { _securableItems.Add(securableItem); InitializeSecurableItems(securableItem); } }
public Task <SecurableItem> Get(string name) { var item = new SecurableItem { Name = name, ClientOwner = string.Empty }; return(Task.FromResult(item)); }
public async Task <SecurableItem> AddSecurableItem(string clientId, SecurableItem item) { item.CreatedDateTimeUtc = DateTime.UtcNow; item.Id = Guid.NewGuid(); var client = await _clientStore.Get(clientId); CheckUniqueness(client.TopLevelSecurableItem, item); client.TopLevelSecurableItem.SecurableItems.Add(item); await _clientStore.Update(client); return(item); }
private bool TryGetSecurableItemById(SecurableItem parentSecurableItem, Guid itemId, out SecurableItem item) { try { item = GetSecurableItemById(parentSecurableItem, itemId); return(true); } catch (AggregateException) { item = null; return(false); } }
public bool DoesClientOwnItem(SecurableItem topLevelSecurableItem, string grain, string securableItem) { if (topLevelSecurableItem == null) { return(false); } if (TopLevelGrains.Contains(grain) && topLevelSecurableItem.Name == securableItem) { return(true); } return(HasRequestedSecurableItem(topLevelSecurableItem, grain, securableItem)); }
public static SecurableItem ToSecurableItemDomainModel(this SecurableItemApiModel securableItem) { var securableItemApiModel = new SecurableItem { Id = securableItem.Id ?? Guid.Empty, Name = securableItem.Name, SecurableItems = securableItem.SecurableItems?.Select(s => s.ToSecurableItemDomainModel()).ToList(), CreatedDateTimeUtc = securableItem.CreatedDateTimeUtc, CreatedBy = securableItem.CreatedBy, ModifiedDateTimeUtc = securableItem.ModifiedDateTimeUtc, ModifiedBy = securableItem.ModifiedBy }; return(securableItemApiModel); }
/// <summary> /// Lists role permissions /// </summary> /// <param name="roleName"></param> /// <returns></returns> public async Task <RServiceResult <SecurableItem[]> > GetRoleSecurableItemsStatus(string roleName) { try { RAppRole roleByName = await _roleManager.FindByNameAsync(roleName); if (roleByName == null) { return(new RServiceResult <SecurableItem[]>(null, "role not found")); } RAppRole role = await _roleManager.Roles.Include(g => g.Permissions).Where(g => g.Id == roleByName.Id).SingleOrDefaultAsync(); List <SecurableItem> securableItems = new List <SecurableItem>(); foreach (SecurableItem templateItem in GetSecurableItems()) { SecurableItem item = new SecurableItem() { ShortName = templateItem.ShortName, Description = templateItem.Description }; List <SecurableItemOperation> operations = new List <SecurableItemOperation>(); foreach (SecurableItemOperation operation in templateItem.Operations) { operations.Add( new SecurableItemOperation() { ShortName = operation.ShortName, Description = operation.Description, Prerequisites = operation.Prerequisites, Status = role.Permissions.Where(p => p.SecurableItemShortName == templateItem.ShortName && p.OperationShortName == operation.ShortName).SingleOrDefault() != null } ); } item.Operations = operations.ToArray(); securableItems.Add(item); } return(new RServiceResult <SecurableItem[]>(securableItems.ToArray())); } catch (Exception exp) { return(new RServiceResult <SecurableItem[]>(null, exp.ToString())); } }
public static SecurableItemApiModel ToSecurableItemApiModel(this SecurableItem securableItem) { var securableItemApiModel = new SecurableItemApiModel { Id = securableItem.Id, Name = securableItem.Name, Grain = securableItem.Grain, SecurableItems = securableItem.SecurableItems?.Select(s => s.ToSecurableItemApiModel()).ToList(), CreatedDateTimeUtc = securableItem.CreatedDateTimeUtc, CreatedBy = securableItem.CreatedBy, ModifiedDateTimeUtc = securableItem.ModifiedDateTimeUtc, ModifiedBy = securableItem.ModifiedBy, ClientOwner = securableItem.ClientOwner }; return(securableItemApiModel); }
private static bool HasRequestedSecurableItem(SecurableItem parentSecurableItem, string grain, string securableItem) { var childSecurableItems = parentSecurableItem.SecurableItems; if (childSecurableItems == null || childSecurableItems.Count == 0) { return(false); } if (parentSecurableItem.Name == grain && childSecurableItems.Any(r => r.Name == securableItem)) { return(true); } return(childSecurableItems.Any( childSecurableItem => HasRequestedSecurableItem(childSecurableItem, grain, securableItem))); }
private void SetupPermissions(Domain.Models.Role defaultRole, SecurableItem securableItem, Role incomingRole) { foreach (var permission in defaultRole.Permissions) { var existingPermission = _authorizationDbContext.Permissions.FirstOrDefault( p => p.Name == permission.Name && p.Grain == permission.Grain && p.SecurableItem.Name == securableItem.Name); if (existingPermission == null) { var incomingPermission = permission.ToEntity(); incomingPermission.PermissionId = Guid.NewGuid(); incomingPermission.SecurableItemId = securableItem.SecurableItemId; incomingPermission.RolePermissions.Add(new RolePermission { RoleId = incomingRole.RoleId, PermissionId = incomingPermission.PermissionId, PermissionAction = PermissionAction.Allow }); _authorizationDbContext.Permissions.Add(incomingPermission); } } }
public static bool HasRequestedSecurableItem(this SecurableItem parentSecurableItem, string securableItem) { if (parentSecurableItem.Name == securableItem) { return(true); } var childSecurableItems = parentSecurableItem.SecurableItems; if (childSecurableItems == null || childSecurableItems.Count == 0) { return(false); } if (childSecurableItems.Any(si => si.Name == securableItem)) { return(true); } return(childSecurableItems.Any( childSecurableItem => HasRequestedSecurableItem(childSecurableItem, securableItem))); }
public async Task MigrateDuplicateGroups_HasDuplicateIdentifiers_SuccessAsync() { var container = _fixture.Bootstrapper.TinyIoCContainer; var dbContext = container.Resolve <IAuthorizationDbContext>(); var groupMigratorService = container.Resolve <GroupMigratorService>(); #region Data Setup var client = new Client { ClientId = $"client1-{Guid.NewGuid()}", Name = $"Client 1-{Guid.NewGuid()}" }; var grain = new Grain { Name = $"dos-{Guid.NewGuid()}" }; var securableItem = new SecurableItem { Name = $"datamarts-{Guid.NewGuid()}", Grain = grain, ClientOwner = client.ClientId }; client.TopLevelSecurableItem = securableItem; var customGroup1 = new Group { GroupId = Guid.NewGuid(), Name = $"Custom Group 1-{Guid.NewGuid()}", Source = GroupConstants.CustomSource, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var customGroup2 = new Group { GroupId = Guid.NewGuid(), Name = $"Custom Group 2-{Guid.NewGuid()}", Source = GroupConstants.CustomSource, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var groupGuid = Guid.NewGuid(); var group1 = new Group { GroupId = Guid.NewGuid(), Name = $"Group 1-{groupGuid}", IdentityProvider = IdentityConstants.ActiveDirectory, TenantId = "12345", Source = GroupConstants.DirectorySource, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var group2 = new Group { GroupId = Guid.NewGuid(), Name = $"groUP 1-{groupGuid}", IdentityProvider = IdentityConstants.ActiveDirectory, TenantId = "12345", Source = GroupConstants.DirectorySource, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var group3 = new Group { GroupId = Guid.NewGuid(), Name = $"groUP 1-{groupGuid}", IdentityProvider = IdentityConstants.AzureActiveDirectory, TenantId = "12345", Source = GroupConstants.DirectorySource, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var role1 = new Role { RoleId = Guid.NewGuid(), Name = "Role 1", Grain = grain.Name, SecurableItem = securableItem }; var role2 = new Role { RoleId = Guid.NewGuid(), Name = "Role 2", Grain = grain.Name, SecurableItem = securableItem, }; var role3 = new Role { RoleId = Guid.NewGuid(), Name = "Role 3", Grain = grain.Name, SecurableItem = securableItem, }; var role4 = new Role { RoleId = Guid.NewGuid(), Name = "Role 4", Grain = grain.Name, SecurableItem = securableItem, }; var group1Role1 = new GroupRole { Group = group1, Role = role1 }; var group2Role1 = new GroupRole { Group = group2, Role = role1 }; var group2Role2 = new GroupRole { Group = group2, Role = role2 }; var group2Role3 = new GroupRole { Group = group2, Role = role3, IsDeleted = true }; var group3Role4 = new GroupRole { Group = group3, Role = role4 }; var user1 = new User { IdentityProvider = IdentityConstants.ActiveDirectory, SubjectId = Guid.NewGuid().ToString() }; var customGroup1User1 = new GroupUser { Group = customGroup1, User = user1 }; var customGroup2User1 = new GroupUser { Group = customGroup2, User = user1 }; var childGroup1 = new ChildGroup { ChildGroupId = group1.GroupId, ParentGroupId = customGroup1.GroupId, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var childGroup2 = new ChildGroup { ChildGroupId = group2.GroupId, ParentGroupId = customGroup1.GroupId, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; var childGroup3 = new ChildGroup { ChildGroupId = group2.GroupId, ParentGroupId = customGroup2.GroupId, CreatedBy = "test", CreatedDateTimeUtc = DateTime.UtcNow }; dbContext.Clients.Add(client); dbContext.Grains.Add(grain); dbContext.SecurableItems.Add(securableItem); dbContext.Roles.AddRange(new List <Role> { role1, role2, role3, role4 }); dbContext.Groups.AddRange(new List <Group> { customGroup1, customGroup2, group1, group2, group3 }); dbContext.GroupRoles.AddRange(new List <GroupRole> { group1Role1, group2Role1, group2Role2, group2Role3, group3Role4 }); dbContext.Users.Add(user1); dbContext.GroupUsers.AddRange(new List <GroupUser> { customGroup1User1, customGroup2User1 }); dbContext.ChildGroups.AddRange(new List <ChildGroup> { childGroup1, childGroup2, childGroup3 }); dbContext.SaveChanges(); #endregion var results = await groupMigratorService.MigrateDuplicateGroups(); Assert.Equal(1, results.GroupMigrationRecords.Count); Assert.Empty(results.GroupMigrationRecords.SelectMany(r => r.Errors)); var principal = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> { new Claim(Claims.Scope, Scopes.ManageClientsScope), new Claim(Claims.Scope, Scopes.ReadScope), new Claim(Claims.Scope, Scopes.WriteScope), new Claim(Claims.ClientId, client.ClientId), new Claim(Claims.IdentityProvider, "idP1") }, "rolesprincipal")); var browser = _fixture.GetBrowser(principal, _storageProvider); var getResponse = await browser.Get(HttpUtility.UrlEncode($"/groups/Group 1-{groupGuid}"), with => { with.HttpRequest(); with.Header("Accept", "application/json"); with.Query("identityProvider", IdentityConstants.ActiveDirectory); with.Query("tenantId", "12345"); }); var groupRoleApiModel = getResponse.Body.DeserializeJson <GroupRoleApiModel>(); var roles = groupRoleApiModel.Roles.ToList(); Assert.Equal(2, roles.Count); Assert.Contains(roles, r => r.Name == role1.Name); Assert.Contains(roles, r => r.Name == role2.Name); var parents = groupRoleApiModel.Parents.ToList(); Assert.Contains(parents, p => p.GroupName == customGroup1.Name); Assert.Contains(parents, p => p.GroupName == customGroup2.Name); var groupStore = container.Resolve <IGroupStore>(); await groupStore.Delete(customGroup1.ToModel()); await groupStore.Delete(customGroup2.ToModel()); await groupStore.Delete(group1.ToModel()); await groupStore.Delete(group2.ToModel()); await groupStore.Delete(group3.ToModel()); }
public async Task <SecurableItem> AddSecurableItem(string clientId, Guid itemId, SecurableItem item) { item.CreatedDateTimeUtc = DateTime.UtcNow; item.Id = Guid.NewGuid(); item.ClientOwner = clientId; var client = await _clientStore.Get(clientId); var parentSecurableItem = await GetSecurableItem(client.Id, itemId); CheckUniqueness(parentSecurableItem, item); if (parentSecurableItem.Grain != item.Grain) { throw new BadRequestException <SecurableItem>("The SecurableItem child grain must match the parent SecurableItem's grain."); } parentSecurableItem.SecurableItems.Add(item); await _clientStore.Update(client); return(item); }